lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Message-ID: <e024ccca0603010501p105639c5m6d59cef4cedb74fd@mail.gmail.com>
Date: Wed Mar  1 13:02:03 2006
From: dudevanwinkle at gmail.com (Dude VanWinkle)
Subject: Re: Fedex Kinkos Smart Card Authentication
	Bypass

On 2/28/06, Lance James <bugtraq@...urescience.net> wrote:
> Eric B wrote:
> > Wait, so if I read this right, consumers with existing cards could
> > dupe their legit cards for fake ones and cash in the fake ones yet
> > still have credit on the legit card?
> >
> > So I'm assuming Fedex has no database/authentication system storing
> > these serials...brilliant.
> >
>
> Yup.
>
> According to Fedex Kinko's:
> "Our analysis shows that the information in the article is inaccurate
> and not based on the way the actual technology and security function.
> Security is a priority to FedEx Kinko's, and we are confident in the
> security of our network in preventing such illegal activity."
>
> Our response:
>
> http://ip.securescience.net/exploits/P1010029.JPG

lol, now thats a funny picture!

So am I to assume that normally you can go beyond 31337 on a Kinko's
card and this is a modding of the original to produce the displayed
picture?

-JP

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ